———————————————————————–
a.) This article assumes you already have SASL over SSL with DH-BLOWFISH or PLAIN.
a-1.)“Should the SSL stream become compromised in some manner,
PLAIN would make obtaining a user’s password as easy as forcing a reconnect,
while the other mechanisms provide additional layers of security.”
b.) You are reading this because you want to enforce a secure path over IRC with Irssi.
b-1.) Start your first process here. [Creating an SSL Certificate] – 3 Stages.
b-2.) Follow Freenode’s article to set SASL over SSL. [Configuring SASL for irssi]
c.) End goal is to have SASL over SSL(certs,cafile,verify) + ECDSA.
———————————————————————–
Right, let’s just get to it. In your home folder perform the following in terminal.

—————–SECOND PART——————–
1.) Add a line for your shell in your PATH. This can be done many ways depending on your shell.PATH=~/bin:$PATH
2.) Test your ECDSATOOL. Should have similar results as below.:~$ ecdsatool
usage: ecdsatool applet [options]
the following applets are available: keygen pubkey keyinfo sign usage
3.) In your ‘./irssi‘ folder create a certs(‘mkdir certs‘) directory. Browse into it, ‘cd certs‘.
4.) Generate your .pem cert using ‘ecdsatool keygen myNickFreenode.pem‘
5.) Back out of ‘certs‘ folder up one level to ‘/.irssi‘.

—————–THIRD PART——————–
1.) If you don’t have a ‘scripts‘ folder and an ‘autorun‘ folder.
2.) While under ‘./irssi‘. Create a scripts(‘mkdir scripts‘) folder. Browse it(‘cd scripts‘).
3.) Create an autorun(‘mkdir autorun‘) folder and Browse it.
4.) Grab ‘cap_sasl.pl‘ while inside the ‘autorun‘ folder. ‘wget http://freenode.net/sasl/cap_sasl.pl‘
5.) The version of 'cap_sasl.pl‘ should be ‘$VERSION = "1.5";‘. Look at line 8 in that perl script.

—————–FOURTH PART——————–
1.) You take this code found below and merge it with freenode’s code(‘cap_sasl.pl‘)
2.) example-for-cap_sasl.pl
3.) Open your ‘cap_sasl.pl’ with your favorite editor. Make sure you have Version 1.5, google it.
4.) Towards the bottom of the script you will see the following:
———————————————————————————pack("n/a*Z*a*", $pubkey, $u, $crypted);
};
};
# If DH-BLOWFISH is not available and you want to see why, uncomment this line:
# Irssi::print($@) if ($@);
———————————————————————————
5.) Create a new line after that last ‘};‘ and before the ‘# If DH-BLOWFISH‘ line.
6.) Paste that entire ‘example-for-cap_sasl.pl‘ from ‘kaniini/ecdsatool @ github‘
7.) Save file and exit your editor.

—————–FIFTH PART——————–
1.) Back out of ‘scripts/autorun‘ folder. Browse into ‘certs‘ folder.
2.) Run ‘ecdsatool pubkey myNickFreenode.pem‘. Save key for ‘NickServ‘ to use later.
3.) Run ‘:~$ irssi‘
4.) ‘cap_sasl.pl‘ should load without errors.
5.) You should still be identified + cloaked from your previous setup. If not don’t join any channels.
6.) Issue this command on irssi: Change accordingly for your config to match network name.
‘/sasl set freenode myNick ~/.irssi/certs/myNickFreenode.pem ECDSA-NIST256P-CHALLENGE‘

7.) Issue ‘/sasl save‘. A ‘sasl.auth‘ file will be created in ‘~/.irssi’
b.) Quit irssi and check sasl.auth, inside it:freenode myNick certs/myNickFreenode.pem ECDSA-NIST256P-CHALLENGE
8.) You can edit the config file, the sasl.auth file, or any other within ./irssi folder to match your needs.

—————–FINAL——————–
1.) Start irssi again.
2.) Grab that pubkey you generated on the fifth section.
3.) Link the key with your account.
‘/msg NickServ set property pubkey RANDOM-KEY-PREVIOUSLY-GENERATED‘
4.) NickServ should confirm the key.-NickServ(NickServ@services.)- Metadata entry pubkey added.
5.) Disconnect from the network, quit irssi, start irssi again.
6.) Once connected, scrolling up the status bar should show a result of the SSL->SASL:ECDSA.
b.) Something similar to this: